Privacy Policy

Varicent ("us", "we", or "our") operates the www.varicent.com website (hereinafter referred to as the "Service"). We provide sophisticated sales performance management solutions to global enterprises. Thus, we may collect personal data from a variety of individuals including, business clients, as well as sales representatives who may interact with our software in the performance of their duties.

This page informs you of our policies regarding the collection, use and disclosure of personal data when you use our Service and the choices you have associated with that data.

We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, the terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, accessible from www.varicent.com.

Definitions

Service

Personal Data

Personal Data means any information about a living individual who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.

Usage Data

Usage Data is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

Cookies

Cookies are small files stored on your device (computer or mobile device).

Data Controller

Data Controller means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any Personal Data are, or are to be, processed.For the purpose of this Privacy Policy, we are a Data Controller of the Personal Data we collect our business customers.

Data Processors (or Service Providers)

Data Processor (or Service Provider) means any natural or legal person who processes the Personal Data on behalf of the Data Controller.We may use the services of various Service Providers in order to process the Personal Data more effectively. We also serve as a Data Processor to many of our business customers who use our Service for their business sales and operational purposes.

Data Subject (or User)

Data Subject is any living individual who is using our Service and is the subject of Personal Data.

Purpose for Personal Data Collection and Use

We collect several different types of Personal Data in order to:

provide, maintain and improve our Service to you;

notify you about changes to our Service;

allow you to participate in interactive features of our Service when you choose to do so;

provide customer support;

gather analysis or valuable information so that we can improve our Service;

monitor the usage of our Service;

detect, prevent and address security or other technical issues; and

to provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information.

Types of Personal Data Collected

Personal Data

While using our Service, we may ask you to provide us with certain Personal Data including, but not limited to:

Email address;

First name and last name;

Phone number;

Country; and

Cookies and Usage Data.

We may use your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you where we have your consent to do so. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or the instructions provided in any email we send.

Our service also collects and uses sales information, including at the employee level, to provide metrics and sales performance support. Accordingly, we collect and process information about sales performance at the employee or sales representative level on behalf of our clients, which is processed at both the individual sales performance level and at aggregate levels. This information is used by our clients pursuant to their own privacy policies and procedures to support key sales and other operational objectives, and in this

context our clients are the data controllers of Personal Data processed as part of our Services.

Usage Data

We may also collect Usage Data on how the Service is accessed and used. This Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

Cookies and Other Tracking Technologies

We use cookies and similar tracking technologies to track the activity on our Service and we hold certain information.

Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are stored on your device and consist of two different types; session and persistent. Session cookies enable us to recognise your actions during the browsing session, are temporary and expire when you close your browser and are not stored beyond this. Persistent cookies remain stored on your device after you close your browser until they expire or when you delete them. Other tracking technologies are also used such as beacons, tags and scripts to collect and track information and to improve and analyse our Service.

Cookies give us insight into how people use our Service to help us keep improving it.

Cookies do lots of different things, such as helping us to

avoid asking you to register or complete details twice;

estimate the number of visitors to our Service, including the source and patterns relating to this traffic; and

understand how visitors use the Service, and how we can enhance this experience.

Certain of these cookies are strictly necessary to the access and operation of the Service and other cookies used are non-essential to the access and operation of the Service.

Please see below for more information on our use of cookies.Examples of Cookies we use:

Session Cookies. We use Session Cookies to operate our Service.

Preference Cookies. We use Preference Cookies to remember your preferences and various settings.

Security Cookies. We use Security Cookies for security purposes.

Name

Cookie

Purpose

Cookie Settings

consent, necessaryConsent, analyticsConsent

This cookie allows us to remember the cookie settings users have enabled on our site.

Google Analytics

Non-essential persistent cookies

These cookies are used to:

give us insight into how people use our Service in order to help us improve the Service; and

provide estimates of the number of visitors to our Service, including the source and patterns of the user traffic, in order to see how we can enhance your experience when visiting the Service.

We will only use Google Analytics where we have your prior consent to do so, which can be given via the cookie banner on our Service.

You are able to accept or reject all cookies, including cookies that are necessary to the functioning and accessibility of our Service, via your browser settings. However, please note that rejecting necessary cookies, may result in you not being able to use some portions of our Service.

In addition, you can also manage your preferences through the cookie banner on the homepage of our Service, where you have the option of accepting the use of non-essential cookies on your device.

We do not support Do Not Track ("DNT"). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked.

You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.

Children's Privacy

Our Service does not address anyone under the age of 18 ("Children").

We do not knowingly collect Personal Data or California Information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Child has provided us with Personal Data or California Information, please contact us. If we become aware that we have collected such data from children without verification of parental consent, we take steps to remove that information from our servers.

Legal Basis for Processing Personal Data under the General Data Protection Regulation (GDPR)

If you are from the European Economic Area (EEA), our legal basis for collecting and using Personal Data, as described in this Privacy Policy, depends on the Personal Data we collect and the specific context in which we collect it.

We may process your Personal Data because:

We need to enter and perform a contract with you;

You have given us permission to do so;

The processing is in our legitimate interests and it is not overridden by your rights; and

To comply with applicable laws.

Where we require your Personal Data to enter into a contract with you or to comply with applicable laws, failure to provide this Personal Data may mean we are unable to provide Services to you. We will tell you when we ask for your Personal Data whether it is a statutory or contractual requirement to give us the Personal Data and the consequences of not providing such Personal Data.

Retention of Data

Varicent will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes and enforce our legal agreements and policies.

Varicent will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer periods.

Transfer of Data

Your information, including Personal Data, may be transferred to - and maintained on - computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.

If you are located outside Canada and choose to provide information to us, please note that we transfer the data, including Personal Data, to Canada and process it there.

Your consent to this Privacy Policy followed by your submission of such Personal Data represents your agreement to that transfer.

Where you are located in the European Economic Area (“EEA”) and the United Kingdom, your Personal Data may be transferred to - and maintained on – our computers located outside of the EEA or the United Kingdom or to other recipients located in countries outside of the EEA and the United Kingdom which may not have data privacy laws equivalent to those in the EEA or the United Kingdom. By submitting your Personal Data to us, you consent to the transfer of your Personal Data to us and the other recipients described in this Notice that are located in countries outside of the EEA or the United Kingdom. You may withdraw your consent at any time. The withdrawal of your consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Varicent will take all the steps reasonably necessary to ensure that your Personal Data is treated securely and in accordance with this Privacy Policy and applicable data privacy laws and no transfer of your Personal Data will take place to an organisation or a country unless there are adequate controls in place including the security of your Personal Data .

Disclosure of Data

Disclosures to Business Clients as Part of the Service

When we provide our sales performance management services to our clients, we process personal data of their employees as directed by our business clients, and our business clients control and have access to that information. We only disclose personal data as permitted by our agreements with our business clients or as otherwise required by law.

Disclosures to Service Providers and Other Third Parties

We may share Personal Data with our third party service providers that support our products and services, or other operational needs, as well as assist us in analyzing how our Service is used. These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose, pursuant to agreements entered into with Service Providers that comply with applicable data privacy laws, including, to the extent applicable, the EU General Data Protection Regulation 2016/679 (“GDPR”), the Californian Consumer Privacy Act (“CCPA”), and other laws that are similar, equivalent to, successors to, or that are intended to supplement the GDPR and CCPA. We may have liability to you in case of failure to comply with the law or this policy in handling onward transfer of your Information to third parties.

Analytics

We may use third-party Service Providers to monitor and analyse the use of our Service.

Google Analytics

Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualise and personalise the ads of its own advertising network.

You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js and dc.js) from sharing information with Google Analytics about visits activity.

Varicent uses remarketing services to advertise on third party websites to you after you visited our Service. We and our third-party vendors use cookies to inform, optimise and serve ads based on your past visits to our Service.

Google Ads (AdWords)

Google Ads (AdWords) remarketing service is provided by Google Inc.

You can opt-out of Google Analytics for Display Advertising and customise the Google Display Network ads by visiting the Google Ads Settings page: http://www.google.com/settings/ads

Google also recommends installing the Google Analytics Opt-out Browser Add-on - https://tools.google.com/dlpage/gaoptout - for your web browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics.

We may also share Personal Data with third parties to comply with legal obligations; when we believe in good faith that an applicable law requires it; at the request of governmental authorities or other third parties conducting an investigation; to detect and protect against fraud, or any technical or security vulnerabilities; to respond to an emergency; or otherwise to protect the rights, property, safety, or security of our business, third parties, visitors to our websites, or the public. We may also share Personal Data with any person to whom we transfer any of our rights or obligations under any agreement, or in connection with a sale, merger or consolidation of our business or other transfer of our assets, whether voluntarily or by operation of law, or who is otherwise deemed to be our successor or transferee.

Disclosure for Law Enforcement

Under certain circumstances, Varicent may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Legal Requirements

Varicent may disclose your Personal Data in the good faith belief that such action is necessary to:

To comply with a legal obligation

To protect and defend the rights or property of Varicent

To prevent or investigate possible wrongdoing in connection with the Service

To protect the personal safety of users of the Service or the public

To protect against legal liability

Links to Other Sites

Our Service may contain links to other sites that are not operated by us. If you click a third party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Security of Data

The security of your data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. We have implemented reasonable information security policies and procedures commensurate with the sensitivity of the information and commercially acceptable standards to protect your Personal Data. However we cannot guarantee its absolute security.

If you are a resident of the European Economic Area (EEA), you have certain data protection rights subject to certain limitations and/or restrictions:

The right to access, update or delete the information we have on you.The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.The right to object. You have the right to object to our processing of your Personal Data.The right of restriction. You have the right to request that we restrict the processing of your Personal Data.The right to data portability. You have the right to be provided with a copy of the Personal Data we have on you in a structured, machine-readable and commonly used format.The right to withdraw consent. You also have the right to withdraw your consent at any time where we have relied on your consent to process your Personal Data.The right not to be subject to automated decision-making. You also have the right not to be subject to a decision based solely on automated processing of Personal Data, including profiling, which produces legal effects concerning you or similarly significantly affecting you.

Please note that we may ask you to verify your identity before responding to such requests.

You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA).

Your Data Protection Rights under Certain US State Laws

This US State Privacy Rights and Disclosure section addresses legal obligations and rights specified in the California Consumer Privacy Act, or CCPA, and similar U.S. state laws. These obligations and rights apply to residents of certain US State laws and to information that identifies, relates to, describes, is reasonably capable of being associated with, or could

reasonably be linked, directly or indirectly, with a consumer, household or device. It does not include deidentified or aggregate information, or public information lawfully available from governmental records.

The following chart describes the categories of Personal Data we may have collected about you in the past 12 months and, for each category, where and why we collected it, and the categories of entities with which we shared the Personal Data, if any.

Category of Personal Data

Sources from which Personal Data was collected

Purpose of collection

Categories of entities with which Personal Data was shared

Address and other identifiers – such as name, postal address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers

Directly from you

From your employer

From other third parties, including clients, business contacts and third party sales software and systems

From publicly available information

To provide and operate the software and services

to contact you to discuss the services or products you receive from us

to respond to any questions or concerns you have raised

to deal with administrative matters such as invoicing, renewal or to audit performance management metrics and transactions

to perform services on our behalf, such as customer service, processing or fulfilling orders, and processing payments

to comply with applicable law, company policies or carry out related compliance checks and controls

to verify your identity or for other fraud and/or crime prevention

to debug errors in our systems

for marketing and advertising purposes

for internal research, analytics and development

Your employer

Professional advisers, including accountancy and legal firms, in order to provide us with advice;

Service providers, including to provide and support our data management, analytics, security, and storage systems;

Third party business partners to your employer.

Unique and online identifiers – such as IP address, device IDs, or other similar identifiers

Directly from you

From your employer

To provide and operate the software and services

to comply with applicable law, company policies or carry out related compliance checks and controls

to verify your identity or for other fraud and/or crime prevention

to debug errors in our systems

for marketing and advertising purposes

for internal research, analytics and development

Service providers, including to provide and support our data management, analytics, security, and storage systems;

Financial information Directly from you

From your employer

From other third parties, including clients, business contacts and third party sales software and systems

To provide and operate the software and services

to contact you to discuss the services or products you receive from us

to respond to any questions or concerns you have raised

to deal with administrative matters such as invoicing, renewal or to audit performance management metrics and transactions

to perform services on our behalf, such as customer service, processing or fulfilling orders, and processing payments

to comply with applicable law, company policies or carry out related compliance checks and controls

to verify your identity or for other fraud and/or crime prevention

to debug errors in our systems

for marketing and advertising purposes

for internal research, analytics and development

Your employer

Professional advisers, including accountancy and legal firms, in order to provide us with advice;

Service providers, including to provide and support our data management, analytics, security, and storage systems;

Third party business partners to your employer.

Commercial information – such as records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies

Directly from you

From your employer

From other third parties, including clients, business contacts and third party sales software and systems

From publicly available information

To provide and operate the software and services

to contact you to discuss the services or products you receive from us

to respond to any questions or concerns you have raised

to deal with administrative matters such as invoicing, renewal or to audit performance management metrics and transactions

to perform services on our behalf, such as customer service, processing or fulfilling orders, and processing payments

for marketing and advertising purposes

for internal research, analytics and development

Your employer

Professional advisers, including accountancy and legal firms, in order to provide us with advice;

Service providers, including to provide and support our data management, analytics, security, and storage systems;

Third party business partners to your employer.

Education or other professional information Directly from you

From your employer

From other third parties

From publicly available information

To provide and operate the software and services

for marketing and advertising purposes

for internal research, analytics and development

Your employer

Professional advisers, including accountancy and legal firms, in order to provide us with advice;

Service providers, including to provide and support our data management, analytics, security, and storage systems;

Third party business partners to your employer.

Geolocation Information

Directly from you

From your employer

To provide and operate the software and services

to verify your identity or for other fraud and/or crime prevention;

Service providers, including to provide and support our data management, analytics, security, and storage systems;

Professional advisers, including accountancy and legal firms, in order to provide us with advice;

Service providers, including to provide and support our data management, analytics, security, and storage systems;

Third party business partners to your employer.

Privacy Rights to Request Disclosure of Information We Collect and Share about You

If you are a California resident, California’s Shine the Light law permits you to request information about our practices related to the disclosure of your Personal Data by Varicent to certain third parties for their direct marketing purposes. You may be able to opt-out of our sharing of your California Information with unaffiliated third parties for the third parties’ direct marketing purposes in certain circumstances. Please send your request (along with your full name, email address, postal address, and the subject line labeled “Your California Privacy Rights”) by email at privacy@varicent.com.

In addition, if we collect your Personal Data for our own purposes, rather than merely process your Personal Data on behalf of another company, and you are a California resident, the CCPA grants you the right to request certain information about our practices with respect to California Information. In particular, you can request the following:

The categories of your Personal Data that we’ve collected.

The specific pieces of your Personal Data that we have collected.

The categories of sources from which we collected Personal Data.

The business or commercial purposes for which we collected or sold Personal Data.

The categories of third parties with which we shared Personal Data.

You can submit a request to us for the following additional information:

The categories of third parties to whom we’ve sold Personal Data, and the category or categories of Personal Data sold to each.

The categories of Personal Data that we’ve shared with service providers who provide services for us, like processing your bill.

To exercise your CCPA rights with request to this information, send us an email at privacy@varicent.com. These requests for disclosure are generally free.

Your Right to Request the Deletion of Personal Data

Upon your request, we will delete the Personal Data we have collected about you, except for situations when that information is necessary for us to: provide you with a product or service that you requested; perform a contract we entered into with you; maintain the functionality or security of our systems; comply with or exercise rights provided by the law; or use the information internally in ways that are compatible with the context in which you provided the information to us, or that are reasonably aligned with your expectations based on your relationship with us.

To exercise your right to request the deletion of your Personal Data, send us an email at privacy@varicent.com. These requests for disclosure are generally free.

Your Right to Ask Us Not to Sell Your Personal Data

We do not, and will not, sell Personal Data to third parties.

Our Support for the Exercise of Your Data Rights

We are committed to providing you control over your Personal Data. If you exercise any of these rights explained in this section of the Privacy Policy, we will not disadvantage you. You will not be denied or charged different prices or rates for goods or services or provided a different level or quality of goods or services.

How We Will Handle a Request to Exercise Your Rights

For requests that relate to Personal Data that we process on behalf of another company, including specifically sales performance data that is processed through our sales performance management solutions for global enterprises, we are not able to directly process any privacy requests, and would direct you to submit your request directly to our client.

For requests for access or deletion of information Varicent collects and processes directly as a controller, we will first acknowledge receipt of your request of your request. We will provide a substantive response to your request as soon as we can, generally within 45 days from when we receive your request, although we may be allowed to take longer to process your request under certain circumstances. If we expect your request is going to take us longer than normal to fulfill, we’ll let you know.

When you make a request to access or delete your personal data, we will take steps to verify your identity. These steps may include asking you for personal data, such as your name, address, or other information we maintain about you. If we are unable to verify your identity with the degree of certainty required, we will not be able to respond to the request. We will notify you to explain the basis of the denial.

You may also designate an authorized agent to submit requests on your behalf. If you do so, you will be required to verify your identity by providing us with certain personal data as described above. Additionally, we will also require that you provide the agent with written permission to act on your behalf, and we will deny the request if the agent is unable to submit proof to us that you have authorized them to act on your behalf.

Dispute Resolution

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://www.jamsadr.com/eu-us-privacy-shield. Additionally, and as described in the Privacy Shield Principles, you may also have the option of invoking binding arbitration after other dispute resolution procedures have been exhausted.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the "effective date" at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy, please contact us:

Privacy Shield Statement

Varicent complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union or Switzerland to the United States. Varicent has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

U.S. Federal Trade Commission Jurisdiction

The Federal Trade Commission has jurisdiction over Varicent’s compliance with the Privacy Shield.

Dispute Resolution

In compliance with the Privacy Shield Principles, Varicent commits to resolve complaints about our collection or use of your personal information. European Union or Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Varicent’s privacy officer at:

Varicent has further committed to refer unresolved Privacy Shield complaints to JAMS at https://www.jamsadr.com/file-an-eu-us-privacy-shield-claim, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit JAMS (https://www.jamsadr.com/file-an-eu-us-privacy-shield-claim) for more information or to file a complaint. The services of JAMS are provided at no cost to you.